About Web is currently seeking qualified candidates for a Continual Monitoring/Security Analyst in Washington, DC.

General Description of Duties:

" Lead and participate in Continuous Monitoring (CM) and Site Assistance Visits (SAV).
" Review and create documentation and reports such as System Security Plans, Risk Assessments, CM and Site SAV Reports, etc.
" Provide recommendations related to improving control implementations, plans of action and milestones (POA&Ms), etc.

This position will provide oversight to a large and complex portfolio of continuous monitoring processes for a federal client. The primary functions of the job are to: assess implementation of cyber security policies, procedures and security control implementations; serve as an information security risk analyst; analyze security implications of systems and programs; and to provide written and oral analysis, reports, and briefings for federal management and senior executive personnel. The position performs risk assessments, Security Tests and Evaluations (ST&Es), contingency plan testing, incident response exercises, and other advanced-level CM activities in accordance with NIST Special Publications 800-30 Rev 1, 800-37 Rev 1, 800-60 (Vols 1&2 Rev 1), 800-53 Rev 4, 800-53A Rev 4, FIPS 199 and related OMB and NIST guidance. This position requires a working knowledge of network technologies such as Microsoft Windows and Linux operating systems; Microsoft Active Directory ; database security; service oriented architectures; vulnerability testing; networking protocols and topologies; security architectures; and incident management. The position requires 28-30% domestic travel; an ability to work with clients resident in multiple time zones; a demonstrated capacity to analyze, review, and occasionally apply technology solutions which meet the security control requirements specified by the Department of Energy, FISMA, OMB, and NIST guidance. Superior technical, writing, and presentation skills are required, as well as excellent organizational skills, attention to detail, excellent customer service skills, knowledge of Microsoft Office, the ability to multitask, and excellent written and verbal communication skills. Certified Information Systems Security Professional (CISSP) and/or Certified Information Systems Auditor (CISA) certification are highly desirable.

Security clearance: Must be able to obtain and continue to hold a DOE Q or DOD TS security clearance